HIPAA Jeopardy
Privacy Rule Questions and Answers

Thank you to Advance Magazine for permission to use this article

Answer

Question

The document that describes the uses and disclosures of an individual's protected health information.

What is a notice or notice of privacy practices?

Documentation that an individual was provided a notice.

What is an acknowledgement?

An individual's right to request communications by alternative means or at an alternative address.

What are confidential communications?

A document signed by the patient or legal representative giving an organization permission to disclose protected health information.

What is an authorization?

The three uses of protected health information for which an authorization is generally not needed.

What are treatment, payment, and healthcare operations?

A record of the disclosures of one's health information.

What is an accounting of disclosures?

A standard requiring that a covered entity make reasonable efforts to limit protected health information requested, used or disclosed to only that which is needed.

What is the minimum necessary standard?

The organization responsible for investigating alleged violations of the privacy rule.

Who is the Office for Civil Rights?

The right to request restrictions, to receive confidential communications, to inspect and copy, to amend, to receive an accounting and to obtain a paper copy of the notice.

What are the individual's rights?

No later than the date of the first service delivery.

When must the notice be provided to the individual?

The individual to whom requests for restrictions are to be referred.

Who is the privacy officer? (facility specific, modify as needed)

The department to whom requests for access or amendment are to be referred.

Who is the health information management department? (facility specific, modify as needed)

Once agreed to by the covered entity, the covered entity must adhere to this type of patient request. 

What is a restriction?

The period of time the privacy rule requires that documentation be maintained.

What is six years?

Two types of data sets that exclude specific identifiers.

What are limited data sets and de-identified information?

Information that can be disclosed to people who ask about a patient by name.

What is directory information or the patient's name, location in the facility, and general condition?